Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/541034be-1844-4bf7-9c43-91bf5b83fa3d.roa
File: 541034be-1844-4bf7-9c43-91bf5b83fa3d.roa (raw, json)
Hash identifier: 9nZo2L5PIPEqPzExZFDVvDm4heI3cqivB8o0kcYXzgc=
Subject key identifier: 19:AF:F2:11:BB:E5:D6:5F:83:CA:1C:CA:81:1E:00:C8:BB:2D:8A:7A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 204A77509237A17245C0C748B081013F42215699
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/541034be-1844-4bf7-9c43-91bf5b83fa3d.roa
Signing time: Tue 01 Jul 2025 15:01:05 +0000
ROA not before: Tue 01 Jul 2025 15:01:05 +0000
ROA not after: Tue 05 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:8000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 14:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:4a:77:50:92:37:a1:72:45:c0:c7:48:b0:81:01:3f:42:21:56:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Jul 1 15:01:05 2025 GMT
Not After : Aug 5 23:59:59 2025 GMT
Subject: serialNumber=57ed79f66f60a365d9150fc6089ecb183213f0419a213f9f529d33ffcb0c7bfe, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:54:0f:24:f1:bc:8b:00:08:29:b7:c4:09:5f:
51:39:e6:4d:e3:7a:60:1d:47:bf:82:2f:8f:3c:6f:
38:29:45:c0:c3:1c:d9:04:aa:cb:f1:a5:7d:e2:f9:
f7:9a:69:95:f8:a0:0b:5f:19:c4:1a:fa:7a:e4:6d:
2c:58:cb:53:5f:69:3d:b4:aa:7d:2b:ae:6f:6b:5c:
ed:7d:0e:e0:87:8f:2c:9d:9d:e3:57:ec:2f:c7:99:
aa:cd:07:00:c8:2b:11:a1:61:13:9d:e9:96:b0:5d:
be:a0:6e:e0:67:95:94:8f:89:51:8d:f8:14:38:38:
ed:b2:3e:fd:c9:65:15:16:28:ea:c0:db:88:dd:7d:
38:6f:ca:60:c6:b4:e7:f4:97:b5:c3:00:16:60:23:
94:9f:ff:c5:5f:02:1f:9d:3c:18:1b:31:69:1d:fd:
cf:32:b2:74:72:ab:84:54:9c:6a:42:25:0c:c8:34:
0d:2c:84:13:bd:05:4e:a9:2e:c0:20:68:ad:66:22:
50:17:4e:1d:65:b2:8a:e9:bf:f1:8b:92:6a:d0:ae:
22:15:95:c6:45:c7:e2:44:5b:f0:fd:a9:f0:e3:7f:
cc:4c:12:4b:6c:ca:b0:21:f0:3c:42:f6:60:fd:7e:
3a:bc:12:a7:1d:0b:fb:e5:9c:b3:a9:2d:e8:ab:05:
89:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:AF:F2:11:BB:E5:D6:5F:83:CA:1C:CA:81:1E:00:C8:BB:2D:8A:7A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/541034be-1844-4bf7-9c43-91bf5b83fa3d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:8000::/40
Signature Algorithm: sha256WithRSAEncryption
5b:14:16:8b:84:8d:7a:36:a8:7f:eb:d5:0f:85:d3:5e:5c:a9:
cf:61:4b:89:ab:c6:d1:f4:bd:9b:88:55:a7:bb:1c:a6:4a:5e:
db:df:91:8f:f9:c6:22:7a:2e:e3:10:e7:2e:84:b1:8d:96:28:
11:f5:1f:71:2f:b4:d3:c6:eb:ad:0c:84:02:ff:31:9d:c6:5b:
ed:f9:80:e8:d8:d6:c6:65:72:32:ef:eb:e0:8e:9f:5c:f3:70:
4d:ac:36:94:dc:f8:a2:53:51:08:ed:0b:49:ca:02:11:99:0c:
cf:de:21:c2:de:af:35:74:be:4b:39:3a:05:c6:8a:f8:70:73:
4e:1c:f9:2f:0c:48:69:b3:b2:ff:2d:35:e0:20:ed:8e:18:d3:
1e:d3:68:39:a0:68:e4:21:cc:1f:f0:b0:b0:db:a9:4d:bc:f6:
7f:80:24:5f:0b:e1:83:fe:7a:7a:bc:cf:35:b2:e3:70:7e:72:
ed:69:95:b6:55:74:d7:92:ce:e5:b9:9e:ac:aa:f6:bd:10:75:
c2:43:63:fd:be:69:23:01:93:b0:a3:b8:32:3d:28:04:94:35:
31:d9:dc:57:e8:c6:f6:d4:2a:4d:85:8c:80:b8:a5:8a:98:b6:
73:d3:1f:22:bf:09:0e:10:39:f3:b6:9e:37:cf:10:8a:d9:fa:
d5:37:22:c8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIEp3UJI3oXJFwMdIsIEBP0IhVpkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MDExNTAxMDVaFw0yNTA4MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDU3ZWQ3OWY2NmY2MGEzNjVkOTE1MGZjNjA4OWVjYjE4MzIxM2YwNDE5YTIx
M2Y5ZjUyOWQzM2ZmY2IwYzdiZmUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANJUDyTxvIsACCm3xAlfUTnmTeN6YB1Hv4IvjzxvOClFwMMc2QSqy/GlfeL5
95pplfigC18ZxBr6euRtLFjLU19pPbSqfSuub2tc7X0O4IePLJ2d41fsL8eZqs0H
AMgrEaFhE53plrBdvqBu4GeVlI+JUY34FDg47bI+/cllFRYo6sDbiN19OG/KYMa0
5/SXtcMAFmAjlJ//xV8CH508GBsxaR39zzKydHKrhFScakIlDMg0DSyEE70FTqku
wCBorWYiUBdOHWWyium/8YuSatCuIhWVxkXH4kRb8P2p8ON/zEwSS2zKsCHwPEL2
YP1+OrwSpx0L++Wcs6kt6KsFiUUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQZr/IR
u+XWX4PKHMqBHgDIuy2KejAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTQxMDM0YmUtMTg0NC00YmY3LTljNDMtOTFiZjViODNmYTNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HaA
MA0GCSqGSIb3DQEBCwUAA4IBAQBbFBaLhI16Nqh/69UPhdNeXKnPYUuJq8bR9L2b
iFWnuxymSl7b35GP+cYiei7jEOcuhLGNligR9R9xL7TTxuutDIQC/zGdxlvt+YDo
2NbGZXIy7+vgjp9c83BNrDaU3PiiU1EI7QtJygIRmQzP3iHC3q81dL5LOToFxor4
cHNOHPkvDEhps7L/LTXgIO2OGNMe02g5oGjkIcwf8LCw26lNvPZ/gCRfC+GD/np6
vM81suNwfnLtaZW2VXTXks7luZ6sqva9EHXCQ2P9vmkjAZOwo7gyPSgElDUx2dxX
6Mb21CpNhYyAuKWKmLZz0x8ivwkOEDnztp43zxCK2frVNyLI
-----END CERTIFICATE-----
Generated at Wed Jul 23 23:59:50 2025 by rpki-client